A step towards stealth mode

A

Aishwarya Ravindran

started a topic
about 1 year ago

During an investigation, it is often important to ensure that whatever you do, you do not “touch” the target. For example, if you are investigating a particular server, you do not want to leave a trace in the traffic logs that youwere there.

In general, the Maltego client does not contact any servers directly, and only via the transform servers such as the CTAS. One exception to this is when icons are fetched by the client itself to show on the graph, such as with the Image entity loading a preview of a URL, and more recently with the Overlay icons introduced in the previous release. This includes the Favicon overlay of the default Website entity.

It was always possible to disable this in the Options of Maltego, but in Maltego 4.2.3 we have now made it easier to find, right next to the ‘Number of Results’ slider in the ribbon:

Additionally, during the initial configuration after a new install, Maltego will now ask you what privacy mode you would prefer, with a description of each:

In the future, we plan to expand this feature further by introducing a Super Stealth mode, where we will enforce the behaviour on the transforms as well. This will require transformsto indicate whether they touch the system being investigated or are simply pulling the data from a pacified source.